Ok, I found where KScreen2 can be disabled. However after disabling it - things get wrong on every login:
You could store the config in a system-wide xorg.conf.
Or remove the nvidia-settingsrc (or however it is called) somewhere in your home folder and stick with KScreen.
I cannot help you more though. As mentioned I neither have an nvidia card nor a multi-monitor system, and I never tried to rotate a screen either as I have no use for that.
Depends on the repo.
home: repos are somebody’s personal playground though (every registered user can have one), so are not really safe in general.
In this particular case, there’s only kcm_tablet in the repo (and kdeconnect-kde5), so it cannot cause problems. In the worst case, that kcm_tablet won’t work…
Btw, even the official standard repos are from download.opensuse.org… 
Thanks for explaining about libjingle. TBH it is not such a big pain and I don’t insist on running Kopete at any price, so I don’t want to waste your time with that. I have reported it to KDE bugzilla, so hopefully someone fixes it. In the meantime I can use Pidgin.
I looked for it but I don’t see such name in YaST->Service Manager?
You need to disable it in KDE’s settings, I did mention this before…
Just to ask - does that mean installing debug versions of programs (which generally run slower etc) or any other side effects?
No.
It means installing debugging symbols for the installed programs, that the debugger can use to know function/variable names and so on.
In normal usage, those debugging files are not even used, only the debugger (gdb) loads them to get more information about the program.
They are split out so that those symbols do not take hard disk space (and RAM) for everybody unnecessarily.
And enabling the repo does not install anything, you need to do so manually (via the crash dialog e.g.).
That might be a good idea. Where do I have to put this file?
I cannot help you more though.
You have been of great help already! Thanks!
The file should be /etc/X11/xorg.conf (not /etc/X11/xorg.conf.d/ though ).
nvidia-settings should have a button to create the file, you can either save it directly to /etc/X11/ (if you run nvidia-settings as root), or copy it to that folder manually afterwards.
Note you must run nvidia setting as root to save the xorg.conf file.
Thanks wolfi!
BTW speaking of “insecure” repositories - is there a way to automatically apply a safe AppArmor profile to packages installed from such “external” sources? I am just learning how to be cautious as I am fairly new to Linux security.
Note you must run nvidia setting as root to save the xorg.conf file.
Noted. Thanks.
Or save it to your home folder and then copy it to /etc/X11/ as root (e.g. by using “sudo” or “Filemanager - Super user mode”) afterwards.
As I wrote.
Thank you very much.
I have deleted the ~/.rc*(whatever-the-nvidia-name-was) from my home and for the moment things look stable. I will keep an eye on that and if it fails I will try the xorg.conf option.
Thanks!
Btw, a Kopete with libjingle support is available here now if you want to try it:
http://software.opensuse.org/download.html?project=home%3Awolfi323%3Abranches%3AKDE%3AApplications&package=kopete
The build still mentions a missing feature:
* QGpgme <http://www.kde.org/>
QGpgME library (from kdepimlibs)
Required for the Cryptography plugin
No idea whether this would be required for Google too, I can try to enable it as well though.
Thanks wolfi.
I have just installed and tried it - same unfortunate result.
BTW the multi-monitor problem seems to be related to KScreen2 and not to NVIDIA X Server Settings. Relying only on KScreen2 again produced a wrong panel placement, so I disabled it, created xorg.conf (as root), reboot - and everything checks.
Sounds like that is ripe for a bug report
Yes. I will report it.
Does anyone know anything about that? Or am I asking something extraordinary.
But please report it to KDE, not openSUSE. They develop Plasma5 and kscreen.
Does anyone know anything about that? Or am I asking something extraordinary.
It’s not possible, at least not automatically. How should that work?
AppArmor prevents/notifies on changes to installed software. It does not prevent you from installing doggy software but will stop said doggy software from changing other stuff. Take care in that is easy to essential lock everyone including root out.
Ok.
It’s not possible, at least not automatically. How should that work?
Well, I imagine it this way (pseudocode):
if (packackage is from repo X) {
Install it and apply some default restrictive AppArmor profile (e.g. 'Isolated mode' or something like that)
} else {
// official repo
install package normally, don't put it in 'isolated' mode
}
Is such thing possible at all? (I am still learning about AppArmor)
Exactly - the ‘isolated’ mode I am describing.
Not exactly.
It can block applications from accessing resources (like certain files or folders, or the network). You need a specific profile for each application though, that controls what it is allowed to access or not.
Normally you start from a dismissive profile that doesn’t allow anything and only specifically allow to access certain things.
“log-prof” can help you with that, as it logs those accesses that are blocked.
But you have to create that profile yourself. And for many “normal” applications it’s not worth the hassle or even useful.
An application running as user cannot make any changes to the installed software anyway.
No.
AppArmor has no idea where you installed a package from.
Also, applications do need to access certain folders/files (depending on the application). Applying a default restrictive profile will break them completely.
And if not, that profile is not restrictive enough anyway to be useful.
Yes, I understand that.
Normally you start from a dismissive profile that doesn’t allow anything and only specifically allow to access certain things.
“log-prof” can help you with that, as it logs those accesses that are blocked.
Where can I read more about it?
But you have to create that profile yourself. And for many “normal” applications it’s not worth the hassle or even useful.
An application running as user cannot make any changes to the installed software anyway.
But if it is malicious it can start reading and sending data.
AppArmor has no idea where you installed a package from.
It would be nice to be able to tell it, or rather another system program (e.g. YaST “plugin”) to instruct it “Hey, I am installing this program but it must be restricted to only what it really needs to work + I want a log of everything it does before I trust it to access more data.”
Also, applications do need to access certain folders/files (depending on the application). Applying a default restrictive profile will break them completely.
Yes, but they can receive read only access and only to specific dedicated directories and files and not to the whole home/user directory where (if malicious) the software can do some mischief by sending data to another computer.
It seems like I am asking for a scenario similar to isolation in a virtual machine however without the need to install a separate OS. Is that possible at all?
But if it is malicious it can start reading and sending data.
An “official” flash-player, Chrome, Adobe Reader (or similar things) is probably more dangerous.
It would be nice to be able to tell it, or rather another system program (e.g. YaST “plugin”) to instruct it “Hey, I am installing this program but it must be restricted to only what it really needs to work + I want a log of everything it does before I trust it to access more data.”
But who should decide what it “really needs to work”, and who decides whether it should be allowed to access that or rather not?
A program might need access to the whole system to be able to work (rpm e.g.).
Yes, but they can receive read only access and only to specific dedicated directories and files and not to the whole home/user directory where (if malicious) the software can do some mischief by sending data to another computer.
Good luck in finding out which application needs to read what files exactly to work properly.
And have lot of fun doing so…
It seems like I am asking for a scenario similar to isolation in a virtual machine however without the need to install a separate OS. Is that possible at all?
Yes it is. But likely overkill, in particular with open source software.